The crackdown is a new effort to combat malicious and harmful Android apps and will apply to software distributed through the Play Store as well as third-party Android app markets. That'll involve more strictly enforcing the company's unwanted software policy, which already demands that app developers be transparent with users when collecting their personal information.
"Prior to collection and transmission, the app must prominently highlight how the user data will be used and have the user provide affirmative consent for such use", Google said. In the case of apps that are made available through other software repositories, Google says that the warning will be added to an app's website instead.
According to the new policy, any apps handling users' personal information like email addresses or phone numbers, or device data will have to prompt users before doing so. If the requirements listed are not met, warnings may be shown on user devices through Google Play Protect or on webpages that lead to these apps. This way, users can be protected even when they browse to websites that provide app installation.
The new policy is applicable to all functions of an app. This covers anything from location data to crash reports, which often include a list of apps the user has installed.
For example, the in-app disclosure must be shown within the app itself and not just the Play Store listing or on a website.
The affirmative consent request dialog needs to be presented in a clear and unambiguous way.
The Safe Browsing team is giving developers 60 days to update their apps towards this direction. Notably, these new guidelines will prevent apps from collecting user data which is not necessary.